Samwise Healthcare IT Newsletter
Friday, April 24, 2026
OpenAI Launches Free ChatGPT for Clinicians, Offering AI Documentation and Research Tool to Physicians
OpenAI launched ChatGPT for Clinicians on April 23, offering the AI tool free to verified physicians, nurse practitioners, physician assistants and pharmacists in the United States. Built on the GPT-5.4 model, the platform provides cited answers from peer-reviewed medical sources, assists with clinical documentation and research, and allows providers to earn continuing medical education credits. OpenAI says clinician usage of ChatGPT has more than doubled over the past year. Conversations are not used to train AI models. The rollout follows the company’s January 2026 introduction of ChatGPT for Healthcare for hospital enterprises and ChatGPT Health for consumers.
Sources: Fierce Healthcare
HSCC Issues AI Vendor Cybersecurity Guide as Third-Party Risk Grows Across Health Systems
The Health Sector Coordinating Council released a new cybersecurity guide on April 22 to help healthcare organizations manage growing third-party AI vendor risk. As health systems increasingly rely on AI-powered tools embedded in electronic health records, remote patient monitoring platforms and administrative systems, the guidance offers tactical steps for governance, procurement, risk assessment and contract language. The HSCC emphasized that third-party security, data governance practices and model integrity are difficult to verify, particularly given complex supply chains involving subcontractors and open-source components. The guide draws from NIST’s AI Risk Management Framework and HHS voluntary cybersecurity practices.
Sources: GovInfoSecurity
HIPAA Security Rule Overhaul Faces Uncertain Timeline as Federal Regulators Still Reviewing 4,700 Comments
The Trump administration has yet to decide whether to finalize a comprehensive overhaul of the HIPAA Security Rule proposed by its predecessor, according to April reporting. Federal regulators have not fully reviewed all 4,700 public comments received on the January 2025 notice of proposed rulemaking, which called for removing distinctions between required and addressable specifications, mandating multi-factor authentication, network segmentation and annual penetration testing. A final rule was tentatively scheduled for May 2026 but experts describe that deadline as aspirational. The proposed changes would be time-consuming and costly, particularly for under-resourced healthcare organizations.
Sources: GovInfoSecurity
Epic Health Systems Begin Real-Time Patient Record Sharing with Social Security Administration Through TEFCA
Thirteen hospitals and 374 clinics using Epic Systems electronic health records are now sharing patient medical records directly with the U.S. Social Security Administration through TEFCA, the federally backed Trusted Exchange Framework and Common Agreement. The connection allows real-time transmission of medical documentation needed for disability benefit determinations, which the Social Security Administration says could be processed up to 50 percent faster as a result. Epic customers have shared nearly 11 million records with the SSA over 15 years through predecessor networks. The expansion marks a significant step toward seamless, nationwide health data exchange between clinical providers and federal agencies.
Sources: Healthcare IT News
CMS Selects 150-Plus Organizations for ACCESS Model, Launching Tech-Enabled Chronic Care Program in July
The Centers for Medicare and Medicaid Services has selected more than 150 healthcare organizations to join the inaugural class of its Advancing Chronic Care with Effective, Scalable Solutions model, which launches in July 2026. Participants include digital health companies such as Noom, Withings, DocGo and Headspace, as well as traditional providers, working to deliver tech-supported care for patients with diabetes, hypertension, obesity, chronic kidney disease, depression and anxiety on Original Medicare. The 10-year program is designed to create stable, recurring Medicare payments for technology-enabled chronic disease management. CMS extended its application deadline to May 15 for additional interested organizations.
Sources: Healthcare Dive
VA Resumes EHR Modernization with Oracle-Cerner Go-Live at Four Michigan Medical Centers
The Department of Veterans Affairs deployed its Oracle-Cerner electronic health records system at four Michigan medical centers on April 11, marking the first VA EHR go-live in years following a multi-year pause. The facilities now on the new system are VA Ann Arbor Healthcare System, VA Battle Creek Medical Center, VA Detroit Healthcare System and VA Saginaw Healthcare System. The Michigan deployment is the first of 13 scheduled VA sites for 2026, with subsequent deployments planned in Ohio, Indiana and Alaska. The rollout resumes a federally mandated EHR modernization program that had faced significant technical and operational challenges.
Sources: Healthcare Dive
Study Finds Nearly Half of Health System Executives Not Ready to Deploy AI at Scale Despite Widespread Engagement
Nearly half of hospital and health system executives say their organizations are not operationally ready to deploy artificial intelligence at scale, despite widespread AI project engagement, according to a Guidehouse study published in conjunction with HIMSS. The survey of 50 qualified healthcare leaders found that 78 percent of health systems are engaged in AI projects but only 52 percent feel ready to implement them. Researchers identified dependency on EHR vendor roadmaps as a key barrier. The gap between AI engagement and operational readiness has created a growing digital divide, with smaller, resource-constrained facilities falling further behind larger systems.
Sources: Healthcare IT News
ARPA-H Healthcare Cybersecurity Programs Including Crashcart Ransomware Recovery Tool Preserved in Budget Review
Federal healthcare cybersecurity research programs, including ARPA-H’s Crashcart initiative, have been preserved despite broader HHS budget cuts proposed by the Trump administration. Crashcart, designed to rapidly restore hospital connectivity after ransomware attacks, demonstrated the ability to bring a 20-bed emergency department back online in 34 minutes using a small team of trained personnel. The program is among ARPA-H’s top fiscal 2027 priorities. ARPA-H’s UPGRADE program, which has invested more than 50 million dollars in automated hospital vulnerability patching tools, also survived the budget review, offering health systems protection from cyberattacks with minimal disruption to care delivery.
Sources: GovInfoSecurity
Curated by JD · samwise.agency